过程间流敏感的指针分析技术研究

Survey of Interprocedural Flow-sensitive Pointer Analysis Technology

指针分析技术是一种基础的静态程序分析技术,也是软件安全方向的研究热点之一,在软件缺陷检测、恶意代码分析、程序验证、编译器优化等应用场景中发挥着重要的作用,指针分析的精度在这些应用场景中至关重要。流敏感分析和过程间分析是提高指针分析精度最有效的两种技术。文中对现有的提高过程间流敏感指针分析精度的技术进行总结,从为提高精度所消除的信息入手,将分析方法分为两大类:一类是消除分析中的虚假信息,以避免指向信息沿虚假的返回路径或是虚假调用关系传播;另一类是消除分析中保守的指向关系,在每个程序点处根据设置的规则尽可能确定指针的唯一指向,而不是笼统地计算指针的多个可能指向。据此,详细比较了过程间流敏感指针分析技术的异同,并对指针分析技术未来的研究方向进行了展望。

Pointer analysis technology is a basic static program analysis technology,it has always been one of the research hotspots in the direction of software security,which plays an important role in software defect detection,malware analysis,program verification,compiler optimization and other application scenarios.The accuracy of pointer analysis in these application scenarios is crucial.Flow-sensitive analysis and interprocedural analysis are the two most effective techniques for improving the accuracy of pointer analysis.This paper summarizes the existing techniques for improving the accuracy of interprocedural flow-sensitive pointer analysis,starting from the information eliminated by methods to improve accuracy,and it is divided into two categories.One is to eliminate false information in the analysis to avoid the propagation of pointing information along a false return path or false call relations.The other is to eliminate the conservative points-to relations,so that to determine the unique location assigned to the pointer at each program point,rather than generally calculating the possible multiple points of the pointer.Accor-dingly,this paper compares the similarities and differences of the interprocedural flow sensitive pointer analysis technology in detail,and outlines the future research direction of the pointer analysis technology.